Friends of Sierra

Privacy

Privacy Policy

We collect only what we need to process donations, fulfill sponsorships and products, issue receipts, and operate Friends of Sierra responsibly — and we give you clear control over your records.

Last updated: May 10, 2026

This Privacy Policy explains how Friends of Sierra ("Friends of Sierra," "we," "us," or "our") handles personal information when you visit friendsofsierra.org, donate, sponsor a dog, purchase a thank-you item, sign into the donor portal, or otherwise interact with us. It applies to information processed through our website and our supporting systems. It does not apply to third-party sites we link to, which operate under their own policies.

1. Information We Collect

Information you give us directly

  • Contact details: name and email address when you donate, sponsor, sign into the donor portal, contact us, or sign up for updates.
  • Donation and sponsorship details: amount, frequency (one-time, monthly, yearly), dog selections, dedications, and any message you choose to include.
  • Shipping address: required only when your bag includes a physical thank-you item (such as a T-shirt) so we can fulfill the order.
  • Billing details: billing address as required by your payment method. Card details are entered directly into Stripe's secure payment fields and never reach our servers.
  • Messages and requests: the content of emails, contact-form submissions, and privacy requests you send to us.
  • Legal consent records: a timestamped record that you accepted these terms and this policy at the time you submitted a donation, sponsorship, or order.

Information collected automatically

  • Session and bag cookies: we set a small number of first-party cookies. The donation bag cookie (fos_bag) is a signed identifier that lets your bag persist across pages without requiring an account. Donor and admin session cookies (fos_donor_session, fos_admin_session) keep you signed in to the portal or admin area. These cookies are essential for the site to function and are not used for advertising or cross-site tracking.
  • Privacy-preserving analytics: we use Cloudflare Web Analytics, which collects aggregate traffic measurements (page views, referrers, country) without cookies, fingerprinting, or any personally identifying data. The donor portal and admin area are excluded from analytics entirely.
  • Server logs: our hosting provider (Cloudflare) records standard request metadata such as IP address, user agent, and timestamps for security, abuse prevention, and debugging. We do not log donor identifiers, email addresses, payment details, magic-link tokens, or session cookies.

Information from third parties

  • Payment processor (Stripe): we receive a charge ID, last-four digits, card brand, and status updates so we can issue receipts and reflect refunds, disputes, and subscription changes.
  • Historical donor data: if you previously donated through our prior WordPress site, your donor record and donation history were migrated into the new system so your portal reflects a complete history.

2. How We Use Information

We use personal information only to:

  • Process donations, sponsorships, product orders, refunds, disputes, and recurring subscription billing through Stripe.
  • Issue per-donation receipts, sponsorship updates, annual giving summaries, and order confirmations by email.
  • Maintain your donor record and provide secure access to the donor portal via single-use magic links sent to your email.
  • Fulfill and ship thank-you items, and notify you of shipment status.
  • Respond to your questions, support requests, and privacy requests.
  • Operate the website, prevent fraud and abuse, secure our systems, and meet our legal, tax, and accounting obligations as a 501(c)(3) public charity.
  • Improve the site using aggregate, non-identifying analytics.

We do not use your information to build advertising profiles, and we do not sell or rent personal information to anyone, ever.

3. Cookies and Similar Technologies

We use only first-party, strictly necessary cookies. We do not use advertising cookies, third-party tracking pixels, or cross-site fingerprinting. The cookies we set are:

  • fos_bag — a signed identifier for your in-progress donation bag. Roughly 90-day expiry. Set when you first add something to your bag.
  • fos_donor_session — your donor portal sign-in. Issued when you complete a magic-link sign-in. 30-day sliding expiry; revocable from your portal settings.
  • fos_admin_session — set only for authorized staff after admin sign-in. Separately namespaced so admin and donor identities never mix.

You can clear these cookies from your browser at any time. Clearing the bag cookie will discard any in-progress donation bag; clearing the session cookie will sign you out of the portal.

4. Magic-Link Sign-In

The donor portal uses passwordless sign-in. When you request access, we email a single-use link to your address on file. The link expires in 15 minutes and can be used only once. We store these tokens hashed and never log them. If you receive a magic link you didn't request, you can safely ignore it; no action is taken until the link is opened.

5. Analytics

Our only analytics tool is Cloudflare Web Analytics, which is cookie-free, does not fingerprint visitors, and does not collect personal data. We do not use Google Analytics, Plausible, Fathom, Mixpanel, Meta Pixel, or any similar product, and we have no plans to. The donor portal and admin routes are excluded from analytics altogether.

6. How We Share Information

We share personal information only with vetted service providers acting on our behalf, and only as needed to deliver the services you've asked for or to meet our legal obligations. Our principal processors are:

  • Stripe — payment processing, subscription billing, and the system of record for charges, refunds, and disputes.
  • Cloudflare — website hosting, content delivery, database (D1), object storage (R2) for receipt PDFs, and DDoS/abuse protection.
  • Elastic Email — delivery of transactional email (receipts, magic links, sponsorship updates, order confirmations).
  • Shipping and fulfillment partners — only when your bag includes a physical thank-you item and a shipping address is required.
  • Professional advisers — accountants, auditors, and counsel, where required for tax filings, audits, or legal compliance.

We may also disclose information if required by law, subpoena, or court order; to protect the rights, safety, or property of Friends of Sierra, our supporters, or the public; or in connection with a merger, acquisition, or dissolution of the organization (in which case the receiving party would be bound by terms at least as protective as this policy).

7. Data Retention

We keep different categories of information for different periods, based on what each is for:

  • Donation and tax records: retained for at least seven years to meet IRS recordkeeping and substantiation requirements applicable to 501(c)(3) organizations.
  • Donor profile data: kept while your account is active and while you have active sponsorships, then retained on the same recordkeeping schedule unless you request deletion.
  • Magic-link tokens: hashed and deleted after use or 15-minute expiry.
  • Receipt PDFs: stored in R2 for the life of the account; removed if you request account deletion.
  • Server logs: retained briefly for security and operational purposes per Cloudflare's defaults, then discarded.
  • Donation bag (anonymous): retained for up to 90 days after last activity, then expired.

8. Your Privacy Rights and Choices

Regardless of where you live, we offer the following rights to anyone who has donated, sponsored, or created a donor record with us. You can:

  • Access the personal information we hold about you.
  • Correct inaccurate information through your portal profile or by contacting us.
  • Download a JSON export of your data from the portal (rate-limited to three exports per day).
  • Request deletion of your account and personal information (see the next section).
  • Opt out of non-transactional communications.
  • Ask a question about how we've used your data, and receive a response.

Visit the Privacy Choices and GDPR Requests page to start a request. We may need to verify your identity (typically by confirming you control the email address on file) before acting on a request. Some records, such as donation and tax data, must be retained for the periods described above even after account deletion.

9. Account Deletion — What Stays and What Goes

When you delete your account from Settings → Delete my data in the portal:

  • Your name is replaced with a deletion tombstone ([deleted]).
  • Your email address and mailing address are cleared from our database.
  • Any active sponsorships are canceled in Stripe.
  • Your receipt PDFs are removed from our object storage.
  • Anonymized donation rows are retained for aggregate reporting and audit cross-reference. After deletion, Stripe's charge ledger is the authoritative tax-substantiation record for the organization.

Deletion is irreversible. We will confirm by email before completing it.

10. Security

We take reasonable administrative, technical, and physical safeguards to protect personal information, including transport encryption (HTTPS), HMAC-signed session and bag cookies, hashed magic-link tokens, scoped API keys for Stripe, role-separated admin sessions, and least-privilege access controls. No system is perfectly secure; if we ever discover a breach affecting your information, we will notify you and any regulators as required by law.

11. Children's Privacy

This website is intended for adults. We do not direct our services to children under 13 and do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it.

12. International Visitors

Friends of Sierra is based in the United States and our services are intended for US donors. If you visit our site from outside the US, your information will be processed in the US under US law. Even though we are not subject to GDPR by default, we extend the access, correction, deletion, and export rights described above to anyone who asks.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be reflected with reasonable prominence on the website. Your continued use of the site after an update means you accept the revised policy.

14. Contact Us

Privacy questions or requests can be sent to [email protected] or mailed to:

Friends of Sierra
7100 S Clinton St, Suite 200
Centennial, CO 80112
EIN 83-2716638